mod/manage.php

   1 <?php
   2 /**
   3  * @file mod/manage.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Authentication;
   7 use Friendica\Core\Hook;
   8 use Friendica\Core\L10n;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Database\DBA;
  11
  12 function manage_post(App $a) {
  13
  14         if (! local_user()) {
  15                 return;
  16         }
  17
  18         $uid = local_user();
  19         $orig_record = $a->user;
  20
  21         if(!empty($_SESSION['submanage'])) {
  22                 $r = q("select * from user where uid = %d limit 1",
  23                         intval($_SESSION['submanage'])
  24                 );
  25                 if (DBA::isResult($r)) {
  26                         $uid = intval($r[0]['uid']);
  27                         $orig_record = $r[0];
  28                 }
  29         }
  30
  31         $r = q("SELECT * FROM `manage` WHERE `uid` = %d",
  32                 intval($uid)
  33         );
  34
  35         $submanage = $r;
  36
  37         $identity = (!empty($_POST['identity']) ? intval($_POST['identity']) : 0);
  38         if (!$identity) {
  39                 return;
  40         }
  41
  42         $limited_id = 0;
  43         $original_id = $uid;
  44
  45         if (DBA::isResult($submanage)) {
  46                 foreach ($submanage as $m) {
  47                         if ($identity == $m['mid']) {
  48                                 $limited_id = $m['mid'];
  49                                 break;
  50                         }
  51                 }
  52         }
  53
  54         if ($limited_id) {
  55                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  56                         intval($limited_id)
  57                 );
  58         } else {
  59                 // Check if the target user is one of our children
  60                 $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  61                         intval($identity),
  62                         DBA::escape($orig_record['uid'])
  63                 );
  64
  65                 // Check if the target user is one of our siblings
  66                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
  67                         $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  68                                 intval($identity),
  69                                 DBA::escape($orig_record['parent-uid'])
  70                         );
  71                 }
  72
  73                 // Check if it's our parent
  74                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
  75                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  76                                 intval($identity)
  77                         );
  78                 }
  79
  80                 // Finally check if it's out own user
  81                 if (!DBA::isResult($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
  82                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  83                                 intval($identity)
  84                         );
  85                 }
  86         }
  87
  88         if (!DBA::isResult($r)) {
  89                 return;
  90         }
  91
  92         unset($_SESSION['authenticated']);
  93         unset($_SESSION['uid']);
  94         unset($_SESSION['visitor_id']);
  95         unset($_SESSION['administrator']);
  96         unset($_SESSION['cid']);
  97         unset($_SESSION['theme']);
  98         unset($_SESSION['mobile-theme']);
  99         unset($_SESSION['page_flags']);
 100         unset($_SESSION['return_path']);
 101         if (!empty($_SESSION['submanage'])) {
 102                 unset($_SESSION['submanage']);
 103         }
 104         if (!empty($_SESSION['sysmsg'])) {
 105                 unset($_SESSION['sysmsg']);
 106         }
 107         if (!empty($_SESSION['sysmsg_info'])) {
 108                 unset($_SESSION['sysmsg_info']);
 109         }
 110
 111         Authentication::setAuthenticatedSessionForUser($r[0], true, true);
 112
 113         if ($limited_id) {
 114                 $_SESSION['submanage'] = $original_id;
 115         }
 116
 117         $ret = [];
 118         Hook::callAll('home_init',$ret);
 119
 120         $a->internalRedirect('profile/' . $a->user['nickname'] );
 121         // NOTREACHED
 122 }
 123
 124
 125
 126 function manage_content(App $a) {
 127
 128         if (! local_user()) {
 129                 notice(L10n::t('Permission denied.') . EOL);
 130                 return;
 131         }
 132
 133         if (!empty($_GET['identity'])) {
 134                 $_POST['identity'] = $_GET['identity'];
 135                 manage_post($a);
 136                 return;
 137         }
 138
 139         $identities = $a->identities;
 140
 141         //getting additinal information for each identity
 142         foreach ($identities as $key=>$id) {
 143                 $thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
 144                         DBA::escape($id['uid'])
 145                 );
 146
 147                 $identities[$key]['thumb'] = $thumb[0]['thumb'];
 148
 149                 $identities[$key]['selected'] = ($id['nickname'] === $a->user['nickname']);
 150
 151                 $notifications = 0;
 152
 153                 $r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 154                         intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 155
 156                 if (DBA::isResult($r)) {
 157                         $notifications = sizeof($r);
 158                 }
 159
 160                 $r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 161                         intval($id['uid']));
 162
 163                 if (DBA::isResult($r)) {
 164                         $notifications = $notifications + sizeof($r);
 165                 }
 166
 167                 $r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 168                         intval($id['uid']));
 169
 170                 if (DBA::isResult($r)) {
 171                         $notifications = $notifications + $r[0]["introductions"];
 172                 }
 173
 174                 $identities[$key]['notifications'] = $notifications;
 175         }
 176
 177         $o = Renderer::replaceMacros(Renderer::getMarkupTemplate('manage.tpl'), [
 178                 '$title' => L10n::t('Manage Identities and/or Pages'),
 179                 '$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 180                 '$choose' => L10n::t('Select an identity to manage: '),
 181                 '$identities' => $identities,
 182                 '$submit' => L10n::t('Submit'),
 183         ]);
 184
 185         return $o;
 186
 187 }